The SecureAuth 2020 State of Identity Report

May 5, 2020

By Paul Wiederkehr – Product Marketing, SecureAuth

The growth of the Internet has been nothing short of amazing, and in just under three decades the sheer number of people going online every day for personal use or business purposes is staggering. 

  • In 1996 the total number of websites was 258k and the number of internet users was 45 million
  • In 2000 the numbers grew to 17.1 million websites and 413 million users
  • In 2017 the number of websites was 1.76 billion with 3.4 billion users
  • In 2020 over 4.3 billion active users are online

As we enter the second decade of the 21st century, and with the Internet having woven itself into our everyday life, we thought the timing was right to explore how people are interacting with technology to access resources online.  We launched a survey to gather an understanding of our overall appetite and/or tolerance for the underlying security essential to safely and responsibly use applications, portals, systems, business tools, and online accounts in our everyday life.  The objective is to gain a better understanding of the psyche of the average person - from Generation Z to Baby Boomers and beyond - when it comes to security and personal privacy, and the habits that are  contributing to the challenge of protecting and securing our online privacy.

Are Passwords Your Achilles Heel

We like our passwords.  In fact, we like them so much that we take them everywhere with us.  That is to say that we use the same password all over the place.  Why?  It’s easy and convenient.

  • 53% of people admit to using the identical password for more than one account
  • 62% use the same password across as many as seven accounts

53% of people using same passwords across different accounts
53% of people admit to using the identical password for more than one account.

And in the workplace:

  • 34% of people in business leadership positions admit to using one of the top 10 most common passwords - ABC123, Qwerty, 123123, Admin, etc., to access business resources

And yes, these password habits lower our online security profile and make it easier for cyber-criminals to compromise our online accounts. According to the survey, 36% of people have had on of their online accounts hacked.

Director Level +
34% of employed people in a director level + role admit to having used one of the most common passwords

We like our passwords so much that many people can’t help but share them with others.  And because people are sharing their passwords for banking-related accounts, among other things, over formats that can be easily hacked (SMS and email), these people are creating unnecessary risk for themselves. In addition, many are quite comfortable sharing personal information (SSN, DOB, address, email, and credit card #) online in return for something free.  Surprisingly, 4% of people would provide their SSN to receive a gift card or coupon – that’s unbelievable! The information people are willing to give away are like pieces to a puzzle for a cyber-criminal. And over time the sharing creates a nice profile that reduces an individual’s online security and places valuable data at risk.

Are Biometrics the Future of Passwords

When it comes to providing access to online resources, three common factors can be used in the process: Something you know (such as a password), Something you have (such as a smart card), or Something you are (such as a fingerprint). I think it’s safe to say we’re all familiar with the use of biometrics (voice recognition, fingerprint reader, facial recognition, or retina scan) to gain access to secure resources.  And I’m positive many of us use biometrics today to access mobile devices such as a phone or tablet. However fewer than 1 in 3 people are comfortable sharing various forms of their biometric data with either a company they purchase goods and services from or the government. Why?

  • 57% of people say it feels to personal
  • 43% believe their data could get hacked

Despite high levels of discomfort, many people are already using biometrics. The survey reals we are using fingerprint or facial recognition for the following:

  • Unlock phones and computers
  • Credit card and banking authorization
  • TSA airport lines
  • Access to the workplace or office
  • Entering our own homes

49% of people have an appetite for using biometrics when they know it will save them time. It appears the future of protecting our identity and improving security lies in biometrics.  For now however, more education and awareness is needed to ease the minds of the average person to improve their appetite and willingness to embrace the potential of biometrics.

Are We Ready for What’s Next

Hackers know that people are the ideal target to attack in order to obtain credentials needed to access valuable resources because of our lax approach to passwords. The survey clearly identified that people inside or outside the office are not complying with password best practices which is unfortunately putting our personal data and privacy at risk. Beyond personal data, 44% of people are using the same password at work that they use to access a personal online account.  If any of these personal accounts are compromised, the potential exists that the business account(s) sharing the same password could be compromised as well. Based on the overall survey results, it seems fair to say that passwords no longer provide the level of protection we require.  Our approach to securing personal data and privacy must start by moving beyond passwords and incorporating more advanced methods of authentication to validate a user’s identity thereby reducing the threat surface and better protecting our valuable data and personal information.

Read the 2020 State of Identity Report

Passwords between work and personal use

 

Paul Wiederkehr
Paul is a 20+ year veteran in the IT industry with experience in distribution, channel, and enterprise sales and marketing. He is a champion of sales enablement and product marketing focused on the development of tools, content, messaging and more to empower sales teams to drive business outcomes. His previous roles include Director of Go-to-Market, Director Vendor Management & Marketing, and National Channel Sales Manager. Currently he is in a Product Marketing Manager role with SecureAuth.

Suggested reads

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!